Chapter 31. Know Where the Secrets Are Kept and How

Emmanuel Apau

CTO, Mechanicode.io and Cofounder, Black Code Collective

The first order of business for a cloud engineer is ensuring you have a thorough understanding of where and how the secrets are secured. This knowledge will allow you to build an environment founded in security and provide protection from future accidents.

Let’s answer the obvious question: what is a secret? Secrets are the organization’s sensitive data; for example, passwords, certificates, application credentials, and API keys. I categorize secrets into two buckets: user and infrastructure/application. Each requires a different management workflow.

So what is secret management? Secret management is the central mechanism used to secure this sensitive data. There are three workflows to take into consideration when determining management methodology.

How Do We Share Secrets Between the Infrastructure and the Applications?

As cloud services and microservices proliferate exponentially, so does the need to ensure they can communicate with each other securely. Most cloud providers provide a means to manage this. However, it’s the responsibility of the engineers to build the organization’s conventions as a wrapper to these SaaS options. This wrapper could be an internal web app, a command-line tool, or checks during a CI phase that cover the following:

  • The environment ...

Get 97 Things Every Cloud Engineer Should Know now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial